Gnocchi: many chart fixes
This PS fixes ceph pool creation and secret management, RBAC and Image naming conventions for the Gnocchi chart. Change-Id: I8ad569f9420e3575d6c26c5933f23048096161f5
This commit is contained in:
parent
5178f3d926
commit
e75f443f05
@ -4,3 +4,4 @@
|
||||
caps mds = "allow"
|
||||
caps mon = "allow *"
|
||||
caps osd = "allow *"
|
||||
caps mgr = "allow *"
|
||||
|
24
gnocchi/templates/bin/_clean-secrets.sh.tpl
Normal file
24
gnocchi/templates/bin/_clean-secrets.sh.tpl
Normal file
@ -0,0 +1,24 @@
|
||||
#!/bin/bash
|
||||
|
||||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
set -ex
|
||||
|
||||
exec kubectl delete secret \
|
||||
--namespace ${NAMESPACE} \
|
||||
--ignore-not-found=true \
|
||||
${RBD_POOL_SECRET}
|
@ -28,8 +28,9 @@ set -ex
|
||||
ceph -s
|
||||
function ensure_pool () {
|
||||
ceph osd pool stats $1 || ceph osd pool create $1 $2
|
||||
ceph osd pool application enable $1 $3
|
||||
}
|
||||
ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE}
|
||||
ensure_pool ${RBD_POOL_NAME} ${RBD_POOL_CHUNK_SIZE} "gnocchi-metrics"
|
||||
|
||||
if USERINFO=$(ceph auth get client.${RBD_POOL_USER}); then
|
||||
KEYSTR=$(echo $USERINFO | sed 's/.*\( key = .*\) caps mon.*/\1/')
|
||||
@ -39,6 +40,7 @@ else
|
||||
ceph auth get-or-create client.${RBD_POOL_USER} \
|
||||
mon "allow *" \
|
||||
osd "allow *" \
|
||||
mgr "allow *" \
|
||||
-o ${KEYRING}
|
||||
fi
|
||||
|
||||
|
@ -24,6 +24,8 @@ metadata:
|
||||
data:
|
||||
storage-init.sh: |+
|
||||
{{ tuple "bin/_storage-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
clean-secrets.sh: |+
|
||||
{{ tuple "bin/_clean-secrets.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
db-init.sh: |+
|
||||
{{ tuple "bin/_db-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
|
||||
db-init.py: |+
|
||||
|
@ -44,7 +44,7 @@ spec:
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies $mounts_gnocchi_metricd_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
- name: ceph-keyring-placement
|
||||
image: {{ .Values.images.tags.api }}
|
||||
image: {{ .Values.images.tags.gnocchi_api }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
command:
|
||||
- /tmp/ceph-keyring.sh
|
||||
@ -61,7 +61,7 @@ spec:
|
||||
readOnly: true
|
||||
containers:
|
||||
- name: gnocchi-metricd
|
||||
image: {{ .Values.images.tags.metricd }}
|
||||
image: {{ .Values.images.tags.gnocchi_metricd }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.metricd | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
command:
|
||||
|
@ -43,7 +43,7 @@ spec:
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies $mounts_gnocchi_statsd_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
- name: ceph-keyring-placement
|
||||
image: {{ .Values.images.tags.api }}
|
||||
image: {{ .Values.images.tags.gnocchi_api }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
command:
|
||||
- /tmp/ceph-keyring.sh
|
||||
@ -60,7 +60,7 @@ spec:
|
||||
readOnly: true
|
||||
containers:
|
||||
- name: gnocchi-statsd
|
||||
image: {{ .Values.images.tags.statsd }}
|
||||
image: {{ .Values.images.tags.gnocchi_statsd }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.statsd | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
command:
|
||||
|
@ -48,7 +48,7 @@ spec:
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies $mounts_gnocchi_api_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
- name: ceph-keyring-placement
|
||||
image: {{ .Values.images.tags.api }}
|
||||
image: {{ .Values.images.tags.gnocchi_api }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
command:
|
||||
- /tmp/ceph-keyring.sh
|
||||
@ -65,7 +65,7 @@ spec:
|
||||
readOnly: true
|
||||
containers:
|
||||
- name: gnocchi-api
|
||||
image: {{ .Values.images.tags.api }}
|
||||
image: {{ .Values.images.tags.gnocchi_api }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
command:
|
||||
|
99
gnocchi/templates/job-clean.yaml
Normal file
99
gnocchi/templates/job-clean.yaml
Normal file
@ -0,0 +1,99 @@
|
||||
{{/*
|
||||
Copyright 2017 The Openstack-Helm Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.job_clean }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.clean }}
|
||||
|
||||
{{- $randStringSuffix := randAlphaNum 5 | lower }}
|
||||
|
||||
{{- $serviceAccountName := print "gnocchi-clean-" $randStringSuffix }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ $serviceAccountName }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-delete
|
||||
"helm.sh/hook-delete-policy": hook-succeeded
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
- delete
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ $serviceAccountName }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-delete
|
||||
"helm.sh/hook-delete-policy": hook-succeeded
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: {{ $serviceAccountName }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ $serviceAccountName }}
|
||||
namespace: {{ $envAll.Release.Namespace }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: {{ print "gnocchi-clean-" $randStringSuffix }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-delete
|
||||
"helm.sh/hook-delete-policy": hook-succeeded
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{ tuple $envAll "gnocchi" "clean" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: gnocchi-rbd-secret-clean
|
||||
image: {{ .Values.images.tags.gnocchi_storage_init }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.jobs.clean | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
env:
|
||||
- name: NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: RBD_POOL_SECRET
|
||||
value: {{ .Values.secrets.rbd | quote }}
|
||||
command:
|
||||
- /tmp/clean-secrets.sh
|
||||
volumeMounts:
|
||||
- name: gnocchi-bin
|
||||
mountPath: /tmp/clean-secrets.sh
|
||||
subPath: clean-secrets.sh
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: gnocchi-bin
|
||||
configMap:
|
||||
name: gnocchi-bin
|
||||
defaultMode: 0555
|
||||
{{- end }}
|
@ -14,22 +14,22 @@ See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/}}
|
||||
|
||||
{{- if .Values.manifests.job_db_init_keystone }}
|
||||
{{- if .Values.manifests.job_db_init }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.db_init_keystone }}
|
||||
{{- $dependencies := .Values.dependencies.db_init }}
|
||||
|
||||
{{- $serviceAccountName := "gnocchi-db-init-keystone" }}
|
||||
{{- $serviceAccountName := "gnocchi-db-init" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: gnocchi-db-init-keystone
|
||||
name: gnocchi-db-init
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{ tuple $envAll "gnocchi" "db-init-keystone" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
{{ tuple $envAll "gnocchi" "db-init" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: OnFailure
|
||||
@ -39,7 +39,7 @@ spec:
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
containers:
|
||||
- name: keystone-db-init
|
||||
image: {{ .Values.images.tags.db_init_keystone | quote }}
|
||||
image: {{ .Values.images.tags.db_init | quote }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy | quote }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.jobs.db_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
env:
|
@ -38,7 +38,7 @@ spec:
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
- name: ceph-keyring-placement
|
||||
image: {{ .Values.images.tags.api }}
|
||||
image: {{ .Values.images.tags.gnocchi_api }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
command:
|
||||
- /tmp/ceph-keyring.sh
|
||||
@ -93,5 +93,5 @@ spec:
|
||||
name: ceph-etc
|
||||
- name: ceph-keyring
|
||||
secret:
|
||||
secretName: pvc-ceph-client-key
|
||||
secretName: {{ .Values.secrets.rbd | quote }}
|
||||
{{- end }}
|
||||
|
@ -25,8 +25,6 @@ apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ $serviceAccountName }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-delete
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
@ -41,8 +39,6 @@ apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ $serviceAccountName }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-delete
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
@ -69,7 +65,7 @@ spec:
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
|
||||
- name: ceph-keyring-placement
|
||||
image: {{ .Values.images.tags.api }}
|
||||
image: {{ .Values.images.tags.gnocchi_api }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
securityContext:
|
||||
runAsUser: {{ .Values.pod.user.gnocchi.uid }}
|
||||
@ -88,7 +84,7 @@ spec:
|
||||
readOnly: true
|
||||
containers:
|
||||
- name: gnocchi-storage-init
|
||||
image: {{ .Values.images.tags.storage_init }}
|
||||
image: {{ .Values.images.tags.gnocchi_storage_init }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.jobs.storage_init | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
env:
|
||||
|
@ -17,8 +17,12 @@ limitations under the License.
|
||||
{{- if .Values.manifests.pod_gnocchi_test }}
|
||||
{{- $envAll := . }}
|
||||
{{- $dependencies := .Values.dependencies.tests }}
|
||||
|
||||
{{- $mounts_gnocchi_tests := .Values.pod.mounts.gnocchi_tests.gnocchi_tests }}
|
||||
{{- $mounts_gnocchi_tests_init := .Values.pod.mounts.gnocchi_tests.init_container }}
|
||||
|
||||
{{- $serviceAccountName := print .Release.Name "-test" }}
|
||||
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Pod
|
||||
@ -27,28 +31,13 @@ metadata:
|
||||
annotations:
|
||||
"helm.sh/hook": test-success
|
||||
spec:
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
restartPolicy: Never
|
||||
initContainers:
|
||||
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 4 }}
|
||||
- name: ceph-keyring-placement
|
||||
image: {{ .Values.images.tags.api }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
command:
|
||||
- /tmp/ceph-keyring.sh
|
||||
volumeMounts:
|
||||
- name: etcceph
|
||||
mountPath: /etc/ceph
|
||||
- name: gnocchi-bin
|
||||
mountPath: /tmp/ceph-keyring.sh
|
||||
subPath: ceph-keyring.sh
|
||||
readOnly: true
|
||||
- name: ceph-keyring
|
||||
mountPath: /tmp/client-keyring
|
||||
subPath: key
|
||||
readOnly: true
|
||||
containers:
|
||||
- name: {{.Release.Name}}-helm-tests
|
||||
image: {{ .Values.images.tags.api }}
|
||||
image: {{ .Values.images.tags.gnocchi_api }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.jobs.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
|
||||
env:
|
||||
@ -72,10 +61,6 @@ spec:
|
||||
mountPath: /etc/gnocchi/gnocchi.conf
|
||||
subPath: gnocchi.conf
|
||||
readOnly: true
|
||||
- name: ceph-etc
|
||||
mountPath: /etc/ceph/ceph.conf
|
||||
subPath: ceph.conf
|
||||
readOnly: true
|
||||
- name: gnocchi-bin
|
||||
mountPath: /tmp/gnocchi-test.sh
|
||||
subPath: gnocchi-test.sh
|
||||
@ -90,13 +75,5 @@ spec:
|
||||
configMap:
|
||||
name: gnocchi-bin
|
||||
defaultMode: 0555
|
||||
- name: ceph-etc
|
||||
configMap:
|
||||
name: ceph-etc
|
||||
- name: ceph-keyring
|
||||
secret:
|
||||
secretName: pvc-ceph-client-key
|
||||
- name: etcceph
|
||||
emptyDir: {}
|
||||
{{ if $mounts_gnocchi_tests.volumes }}{{ toYaml $mounts_gnocchi_tests.volumes | indent 4 }}{{ end }}
|
||||
{{- end }}
|
||||
|
@ -9,18 +9,18 @@ labels:
|
||||
images:
|
||||
tags:
|
||||
dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1
|
||||
storage_init: docker.io/ceph/daemon:tag-build-master-luminous-ubuntu-16.04
|
||||
gnocchi_storage_init: docker.io/ceph/daemon:tag-build-master-luminous-ubuntu-16.04
|
||||
db_init_indexer: docker.io/postgres:9.5
|
||||
# using non-kolla images until kolla supports postgres as
|
||||
# an indexer
|
||||
db_init_keystone: quay.io/attcomdev/ubuntu-source-gnocchi-api:3.0.3
|
||||
db_init: quay.io/attcomdev/ubuntu-source-gnocchi-api:3.0.3
|
||||
db_sync: quay.io/attcomdev/ubuntu-source-gnocchi-api:3.0.3
|
||||
ks_user: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
|
||||
ks_service: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
|
||||
ks_endpoints: docker.io/kolla/ubuntu-source-heat-engine:3.0.3
|
||||
api: quay.io/attcomdev/ubuntu-source-gnocchi-api:3.0.3
|
||||
statsd: quay.io/attcomdev/ubuntu-source-gnocchi-statsd:3.0.3
|
||||
metricd: quay.io/attcomdev/ubuntu-source-gnocchi-metricd:3.0.3
|
||||
gnocchi_api: quay.io/attcomdev/ubuntu-source-gnocchi-api:3.0.3
|
||||
gnocchi_statsd: quay.io/attcomdev/ubuntu-source-gnocchi-statsd:3.0.3
|
||||
gnocchi_metricd: quay.io/attcomdev/ubuntu-source-gnocchi-metricd:3.0.3
|
||||
pull_policy: "IfNotPresent"
|
||||
|
||||
network:
|
||||
@ -37,9 +37,11 @@ network:
|
||||
port: 8125
|
||||
|
||||
dependencies:
|
||||
clean:
|
||||
services:
|
||||
storage_init:
|
||||
services:
|
||||
db_init_keystone:
|
||||
db_init:
|
||||
services:
|
||||
- service: oslo_db
|
||||
endpoint: internal
|
||||
@ -50,7 +52,8 @@ dependencies:
|
||||
endpoint: internal
|
||||
db_sync:
|
||||
jobs:
|
||||
- gnocchi-db-init-keystone
|
||||
- gnocchi-storage-init
|
||||
- gnocchi-db-init
|
||||
- gnocchi-db-init-indexer
|
||||
services:
|
||||
- service: oslo_db_postgresql
|
||||
@ -190,6 +193,13 @@ pod:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
jobs:
|
||||
clean:
|
||||
requests:
|
||||
memory: "124Mi"
|
||||
cpu: "100m"
|
||||
limits:
|
||||
memory: "1024Mi"
|
||||
cpu: "2000m"
|
||||
db_init:
|
||||
requests:
|
||||
memory: "124Mi"
|
||||
@ -313,9 +323,9 @@ conf:
|
||||
max_retries: -1
|
||||
storage:
|
||||
driver: ceph
|
||||
ceph_pool: metrics
|
||||
ceph_username: admin
|
||||
ceph_keyring: /etc/ceph/ceph.client.admin.keyring
|
||||
ceph_pool: gnocchi.metrics
|
||||
ceph_username: gnocchi
|
||||
ceph_keyring: /etc/ceph/ceph.client.gnocchi.keyring
|
||||
ceph_conffile: /etc/ceph/ceph.conf
|
||||
file_basepath: /var/lib/gnocchi
|
||||
provided_keyring: null
|
||||
@ -441,8 +451,9 @@ manifests:
|
||||
daemonset_statsd: true
|
||||
deployment_api: true
|
||||
ingress_api: true
|
||||
job_clean: true
|
||||
job_db_init_indexer: true
|
||||
job_db_init_keystone: true
|
||||
job_db_init: true
|
||||
job_db_sync: true
|
||||
job_ks_endpoints: true
|
||||
job_ks_service: true
|
||||
|
Loading…
Reference in New Issue
Block a user